Category:Penetration Testing Tools

From OWASP
Revision as of 18:49, 11 January 2010 by D0ubl3 h3lix (talk | contribs) (Information Gathering Tools)

Jump to: navigation, search
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.

Penetration Testing Tools

Information Gathering Tools

  • Fingerprinting
Name Owner Licence Platforms
httprint NetSquare Inc no cost for personal, educational and non-commercial use. Win, Lin, Mac, FreeBSD
httprecon Marc Ruef GPL Windows
Netcraft Netcraft Inc N/A WebBased

|- |align="left" | WebRecon |align="left" | Aung Khant |align="left" | N/A |align="left" | WebBased

Configuration Management Testing Tools

  • SSL Testing
Name Owner Licence Platforms
OpenSSL
SSL Digger
  • DB Listener Testing
Name Owner Licence Platforms
TNS Listener
Toad


Authentication Testing Tools

  • Password Brute Force Testing
Name Owner Licence Platforms
Burp Intruder
Brutus
John the Ripper
Ophcrack
THC Hydra


Session Management Testing Tools

Name Owner Licence Platforms
CookieDigger


Authorization Testing Tools

Data Validation Testing Tools

  • Fuzzers
  • SQL Injection Testing
  • XSS Testing
  • Buffer Overflow Testing


Denial of Service Testing Tools

Web Services Testing Tools

Ajax Testing Tools

HTTP Traffic Monitoring

  • Web Proxies
Name Owner Licence Platforms
Burp Suite
Paros Proxy
Webscarab
TamperIE
Tamper Data
SPIKE Proxy
Suru Web Proxy
Charles
Odysseus
JS Commander
ratproxy
  • Sniffers

Encoders / Decoders

  • CAPTCHA Decoders
Name Owner Licence Platforms
PWNtcha
The Captcha Breaker

Web Testing Frameworks

Name Owner Licence Platforms


w3af Andres Riancho and w3af team GPLv2 Windows, Linux

This category currently contains no pages or media.